Security as a Service Model in SOA

The software architecture requires interoperable security mechanisms. This article focuses on applying security requirements to service-oriented solution design. SOA security is very much concerned with what the system is supposed to do and what can go wrong. This article presents the service-oriented approach — security services that can be developed and tested and applied against many types of applications or scenarios. The proposed concept has the contribution to allow for SSAS (Software Security as a Service) providers to provide access to software services without requiring the customer to host this service within their local environment. In this model, the access control decision and (ideally) enforcement functionality is not embedded within an application. The split of enforcement and decision point has its advantages. Key-Words: SOA, Service, ESB, SSAS, Security, Security Enforcement Service, Security Decision Service